Cryptojacking Attack Hits Hundreds of Websites to Mine Monero

Cryptojacking has been one of the most significant security threat researchers have been facing ever since cryptocurrencies took off last year. Mining requires computational power, and in return, miners are awarded a small amount of cryptocurrency. With cryptojacking, hackers infect machines and secretly use them to mine cryptocurrencies.

According to a report by the UK’s National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) titled The Cyber Threat to UK Business,“Cryptojacking will likely become a regular source of revenue for website owners.” In February this year, Tesla’s website was hacked to mine Monero.

Some website owners have implemented cryptojacking as a source of revenue for them. However, hackers have been targeting websites with inadequate security to implement cryptojacking. In these cases, both the website owner and the users do not know the existence of the malicious code.

According to a new report published by Bad Packets, more than 300 websites have been affected by cryptojacking malware due to a vulnerability in an outdated version of Drupal which is a content management system similar to WordPress. Initially, they were notified of cryptojacking on the websites of San Diego Zoo and the government of Chihuahua. On cross-referencing the two sites, the only common link was that both sites used an outdated version of Drupal.

Coinhive was used in these sites to mine Monero. Coinhive is a JavaScript-based miner which can be implemented easily and runs on the browser as long as the site is open. Also, since it mines Monero which is a privacy-focused coin, it is hard to trace them.

Once they knew what they were looking for, they scanned the internet and found more than 350 affected websites that were affected by the bug. A lot of these websites were educational institutions and government organizations. Also, most of the affected websites were within the United States.

JavaScript was used to inject the malicious code on the affected websites and the malware only seems to affect sites that use an outdated version of Drupal. The security bug has been patched and if you are still running a site that uses an outdated version of Drupal, now would be a good time to upgrade.

All information is provided on an as-is basis. Where we allow Bloggers to publish articles on our platform please note these are not our opinions or views and we have no affiliation with the companies mentioned